14 DAY TRIAL // Vodafone Australia has officially admitted that one of its employees has illegally accessed Natalie O’Brien's phone, a journalist who had previously published negative stories about the company.
The hacking took place in 2011, after Natalie O’Brien had written a series of stories in the Sydney Morning Herald, detailing security issues with Vodafone's Siebel system.
According to O'Brien's articles, the Siebel CRM (Customer Relationship Management) platform could easily be accessed online, all with generic passwords, exposing sensitive and private client information.
Vodafone confesses to the hack, blames it on one rogue employee
According to an official statement from Vodafone Australia, one of its staff accessed O'Brien's phone and downloaded messages and call records so that they could discover the source of her articles.
"The investigation found there was no evidence VHA (Vodafone Hutchison Australia) management had instructed the employee to access the messages and that VHA staff were fully aware of their legal obligations in relation to customer information," said Vodafone Australia. "As a result of our investigation, several retail staff were dismissed for breaches of VHA security policies."
Both the Office of the Information Commissioner and the Australian Communications and Media Authority launched investigations into the matter.
Company execs immediately knew it would be a media scandal
According to internal Vodafone emails, the company was well aware of the PR disaster this would cause if it ever got out.
The Australian quotes these emails, "If the issue relating to breaching the reporter’s privacy by searching her private call records and text messages gets into the public domain, this could have serious consequences given it is a breach of the Australian Telecommunications Act."
The company also notes that, since the 2011 incident, Vodafone has updated its Siebel CRM platform to avoid data leaks but has also appointed a dedicated privacy officer who oversees that customer privacy is protected and enforced inside the company.